On 15/06/18 16:45, Reinhard Müller wrote: > Am 2018-06-15 um 12:12 schrieb Daniel Pocock: >>> No proprietary software runs on any of FSFE's servers in userspace, and >>> of course all software developed by FSFE staff or by contractors paid by >>> FSFE is free software. >>> >> So what is Jonas referring to in his blog[1]? > > I don't know whether he refers to a specific case at all. I read his > blog post as a general consideration, and I can't find any mention of > FSFE in there. > > If you want to know what he refers to, did you consider asking him? > > I hope you don't want to tell us that this blog post is the foundation > on which you base your complains that FSFE uses proprieatary software??
It is not just about Jonas' blog post. Some communication apps like Skype and Twitter have been mentioned in various places. For example, on the team list, there is message 1498121148.fd6avqk03q...@vita.none and some other messages in that thread. It is not clear whether anybody has it on FSFE or private devices or not at all. In this particular thread, another staff member, Erik, has written "I propose you trust us that we use Free Software always and that this is minimum 95%, including our phones, landlines, printers etc." and that leaves open the question about the other 5% I didn't try to write the motion with lots of little rules and things because I was hoping people would approach the question maturely. If the motion is revised to focus on something like "staff computers" and people reply that only the firmware is non-free but they don't tell us they are using non-free apps on their personal mobile phones to do FSFE stuff then they are not respecting the intention of the motion The motion should also apply to firmware. Think about some of the following: - printer firmware: many modern network printers are automatically phoning home to their manufacturer to report about usage and download updates. - IP phones on your desk: how do you know the microphone can't be switched on remotely if it runs non-free firmware? In fact, such exploits are well known Some organizations even generate these reports (or the skeleton of the report) automatically, extracting a list of all known MAC addresses from their switches and access points, installing management agents on every host with a function to detect all installed binaries and also observing all network connections and correlating them back to the respective binaries. Such data could be cross referenced with checksums of trusted binaries and the data could be annotated on a wiki page. Regards, Daniel _______________________________________________ Discussion mailing list Discussion@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/discussion This mailing list is covered by the FSFE's Code of Conduct. All participants are kindly asked to be excellent to each other: https://fsfe.org/about/codeofconduct